Tuesday, June 6, 2017

Hands Tied: Half of Organizations Say Cyber Attacks Are on the Rise, but Resource Constraints Persist

80 percent of ISACA survey respondents expect a cyberattack to hit their organization this year, but many remain unprepared

ROLLING MEADOWS, Ill.-Tuesday, June 6th 2017 [ ME NewsWire ]

(BUSINESS WIRE)-- New and evolving threats combined with persistent resource
challenges limit organizations’ abilities to defend against cyber
intrusions, according to the second installment of ISACA’s 2017 State of
Cyber Security Study. Eighty percent of the security leaders who
participated in the survey believe it is likely their enterprise will
experience a cyberattack this year, but many organizations are
struggling to keep pace with the threat environment.

More than
half (53 percent) of survey respondents reported a year-over-year
increase in cyberattacks for 2016, representing a combination of
changing threat entry points and types of threats:

IoT overtook mobile as primary focus for cyber defenses as 97 percent of
organizations see rise in its usage. As IoT becomes more prevalent in
organizations, cyber security professionals need to ensure protocols are
in place to safeguard new threat entry points.

Sixty-two percent reported experiencing ransomware in 2016 but only 53
percent have a formal process in place to address it—a concerning number
given the significant international impact of the recent WannaCry
ransomware attack.

Malicious attacks that can impair an organization’s operations or user
data remain high in general (78 percent of organizations reporting
attacks).

Additionally, fewer than 1 in 3
organizations (31 percent) say they routinely test their security
controls, and 13 percent never test them. Sixteen percent do not have an
incident response plan.

“There is a significant and concerning
gap between the threats an organization faces and its readiness to
address those threats in a timely or effective manner,” said Christos
Dimitriadis, Ph.D., CISA, CISM, ISACA board chair and group head of
information security at INTRALOT. “Cyber security professionals face
huge demands to secure organizational infrastructure, and teams need to
be properly trained, resourced and prepared.”

The good news: more organizations than ever
now employ a chief information security officer—65 percent, up from 50
percent in 2016. However, security leaders continue to struggle to fill
open cyber security positions, as part 1 of this year’s State of Cyber
Security report indicated, and nearly half (48 percent) of respondents
don’t feel comfortable with their cyber team’s ability to address
anything beyond simple cyber security issues. Additionally, more than
half of all respondents say cyber security professionals lack an ability
to understand the business.

Though training is critically needed
to address these skill shortages, 1 in 4 organizations have training
budgets of less than US $1,000 per cyber security team member. While
overall cyber security budgets remain strong, fewer organizations are
increasing their budgets this year. About half will see budget
increases, down from 61 percent in 2016.

“The rise of CISOs in
organizations demonstrates a growing leadership commitment to securing
the enterprise, which is an encouraging sign,” said Dimitriadis. “But
that’s not a cure-all. With the number of malicious attacks increasing,
organizations can’t afford a resource slowdown. Yet with so many
respondents showing a lack of confidence in their teams’ ability to
address complex issues, we know there is more that must be done to
address the urgent cyber security challenges faced by all enterprises.”

ISACA’s
State of Cyber Security Study 2017 is available as a free download at
www.isaca.org/state-of-cyber-security-2017. Part I covers workforce
issues, and part II addresses the threat landscape. This report is the
latest resource from ISACA’s Cybersecurity Nexus (CSX), which provides
knowledge, skills-based training and performance-based certifications,
and career guidance for cyber security professionals and those looking
to build cyber security skills.

About ISACA

Nearing its
50th year, ISACA® (isaca.org) is a global association helping
individuals and enterprises achieve the positive potential of
technology. ISACA leverages the expertise of its half-million engaged
professionals in information and cyber security, governance, assurance,
risk and innovation, as well as its enterprise performance subsidiary,
CMMI® Institute, to help advance innovation through technology.